Abstract
In the cyber world, the most important threat focuses on critical infrastructure (CI). CI encompasses the structures and functions that are vital to society’s uninterrupted functioning. It comprises physical facilities and structures as well as electronic functions and services. Critical infrastructure systems comprise a heterogeneous mixture of dynamic, interactive, and non-linear elements. In recent years, attacks against critical infrastructures, critical information infrastructures and the Internet have become ever more frequent, complex and targeted because perpetrators have become more professional. Attackers can inflict damage or disrupt on physical infrastructure by infiltrating the digital systems that control physical processes, damaging specialized equipment and disrupting vital services without a physical attack. Those threats continue to evolve in complexity and sophistication.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abomhara M, Køien GM (2015) Cyber security and the Internet of Things: vulnerabilities, threats, intruders and attacks. J Cyber Secur Mobility 4(1):65–88.https://doi.org/10.13052/jcsm2245-1439.414
AP (2015) Iranian hackers infiltrated U.S. power grid, dam computers, reports say. Posted by the Associated Press, CBC/Radio-Canada. https://www.cbc.ca/news/technology/hackers-infrastructure-1.3376342
APTA (2014) Cybersecurity considerations for public transit. Report APTA SS-ECS-RP-001-14. American Public Transportation Association, Washington, DC. https://www.apta.com/wp-content/uploads/Standards_Documents/APTA-SS-ECS-RP-001-14-RP.pdf
Ashenden D (2011) Cyber security: time for engagement and debate. In: European conference on information warfare and security. Academic Conferences, pp 11–16
Ballou T, Allen JA, Francis KK (2016) U.S. energy sector cybersecurity: hands-off approach or effective partnership? J Inf Warfare 15(1):44–59
Beggs C (2006) Proposed risk minimization measures for cyber-terrorism and SCADA networks in Australia. In: ECIW 2006—5th European conference on information warfare and security. Academic Conferences
Ben Boubaker K (2020) Water infrastructure: when states and cyber-attacks rear their ugly heads. Stormshield. https://www.stormshield.com/news/water-infrastructure-when-states-and-cyber-attacks-rear-their-ugly-heads/
Bertino E, Martino LD, Paci F, Squicciarini AC (2010) Web services threats, vulnerabilities, and countermeasures. In: Security for web services and service-oriented architectures. Springer, pp 25–44
Biancuzzo MR (2017) Cybersecurity & critical infrastructure. Briefing Papers, issue 17–13, Thomson Reuters
Brenner B (2011) Nitro attack: points of interest. CSO. https://www.csoonline.com/article/2134921/nitro-attack--points-of-interest.html
Breth J, Douglas C (2020) Cybersecurity needs its place in emergency management now. CPO magazine. https://www.cpomagazine.com/cyber-security/cybersecurity-needs-its-place-in-emergency-management-now/
Brewster T (2015) Attack on LOT Polish airline grounds 10 flights. Forbes. https://www.forbes.com/sites/thomasbrewster/2015/06/22/lot-airline-hacked/?sh=3862c062124e
Brewster T (2016) Ransomware Crooks demand $70,000 after hacking San Francisco transport system. Forbes. https://www.forbes.com/sites/thomasbrewster/2016/11/28/san-francisco-muni-hacked-ransomware/?sh=ae56b3847061
Brumfield C (2020) Attempted cyberattack highlights vulnerability of global water infrastructure. CSO. https://www.csoonline.com/article/3541837/attempted-cyberattack-highlights-vulnerability-of-global-water-infrastructure.html
Burt T (2020) Cyberattacks targeting health care must stop. Microsoft. https://blogs.microsoft.com/on-the-issues/2020/11/13/health-care-cyberattacks-covid-19-paris-peace-forum/
Carnegie (2021) Timeline of cyber incidents involving financial institutions. Carnegie. https://carnegieendowment.org/specialprojects/protectingfinancialstability/timeline. Retrieved on 24 Jan 2021
CEA (2018) The cost of malicious cyber activity to the U.S. economy. Council of economic advisers, White House, Washington, DC
Chong J (2013) Why is our cybersecurity so insecure? New Republic, https://newrepublic.com/article/115145/us-cybersecurity-why-software-so-insecure
Cimpanu C (2020) Two more cyber-attacks hit Israel's water system. ZDNet. https://www.zdnet.com/article/two-more-cyber-attacks-hit-israels-water-system/
CISA (2019) Chemical sector landscape. Cybersecurity and infrastructure security agency, U.S. Department of Homeland Security
Constantin L (2021) 33 hardware and firmware vulnerabilities: a guide to the threats. CSO. https://www.csoonline.com/article/3410046/hardware-and-firmware-vulnerabilities-a-guide-to-the-threats.html
Corkery M (2016) Once again, thieves enter swift financial network and steal. New York times. https://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html
CRI (2020) Cyber threats to the agriculture sector. Cyber risk international. https://cyberriskinternational.com/2020/04/07/cyber-threats-to-the-agriculture-sector/
CrowdStrike (2020) 2020 global threat report. CrowdStrike
CSO (2017) Homeland Security team remotely hacked a Boeing 757. CSO, https://www.csoonline.com/article/3236721/homeland-security-team-remotely-hacked-a-boeing-757.html
CSO (2018) Ransomware attack hits North Carolina water utility following hurricane. CSO. https://www.csoonline.com/article/3314557/ransomware-attack-hits-north-carolina-water-utility-following-hurricane.html
Das D (2019) An Indian nuclear power plant suffered a cyberattack: here’s what you need to know. The Washington Post. https://www.washingtonpost.com/politics/2019/11/04/an-indian-nuclear-power-plant-suffered-cyberattack-heres-what-you-need-know/
Department of Health (2018). Medical device cyber security—draft guidance and information for consultation, Australia’s Therapeutic Goods Administration (TGA), 19.12.2018
Deloitte (2017) Cybersecurity for critical infrastructure: growing, high-visibility risks call for strong state leadership. Deloitte. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/public-sector/us-public-sector-cybersecurity-critical-infrastructure.pdf
Deloitte (2021) Global cyber executive briefing: high technology. Case studies, Deloitte Development LLC. https://www2.deloitte.com/ba/en/pages/risk/articles/High-Technology-Sector.html. Retrieved on 13 Jan 2021
Demestichas K, Peppes N, Alexakis T (2020) Survey on security threats in agricultural IoT and smart farming. Sensors 20(22):6458. https://doi.org/10.3390/s20226458
DHS (2010a) Defense industrial base sector-specific plan: an annex to the national infrastructure protection plan. U.S. Department of Homeland Security
DHS (2010b) Emergency services sector-specific plan: an annex to the national infrastructure protection plan. U.S. Department of Homeland Security
DHS (2012) Emergency services sector cyber risk assessment. U.S. Department of Homeland Security
DHS (2013) NIPP 2013: Partnering for critical infrastructure security and resilience. U.S. Department of Homeland Security
DHS (2014) Sector risk snapshots. U.S. Department of Homeland Security
DHS (2015a) Dams sector-specific plan: an annex to the NIPP 2013. U.S. Department of Homeland Security
DHS (2015b) Commercial facilities sector-specific plan: an annex to the NIPP 2013. U.S. Department of Homeland Security
DHS (2016) Introduction to the commercial facilities sector-specific agency. https://zahp.org/wp-content/uploads/2018/01/commercial-facilities-ssa-fact-sheet-2016-508.pdf
DHS (2020) Critical infrastructure security. U.S. Department of Homeland Security. https://www.dhs.gov/topic/critical-infrastructure-security
Duncan SE, Reinhard R, Williams RC, Ramsey F, Thomason W, Lee K, Dudek N, Mostaghimi S, Colbert E, Murch R (2019) Cyberbiosecurity: a new perspective on protecting U.S. food and agricultural system. Front Bioeng Biotechnol 7:63
Dunn Cavelty M (2010) The reality and future of cyberwar. Parliamentary Brief. www.parliamentarybrief.com/2010/03/the-reality-and-future-of-cyberwar Can’t reach this page!
EC (2005) On a European programme for critical infrastructure protection. Green paper, COM (2005) 0576 final, European Commission
EC (2006) On a European programme for critical infrastructure protection. Communication from the Commission, COM(2006) 786 final, European Commission
EC (2007) Towards a general policy on the fight against cyber crime. Communication from the Commission to the European Parliament, the Council and the Committee of the Regions, COM(2007) 267 final, European Commission
EC (2017) Resilience, deterrence and defence: Building strong cybersecurity for the EU. Joint communication to the European Parliament and the Council, JOINT(2017) 450 final, European Commission
EC (2020) Glossary: general government sector. European commission. https://ec.europa.eu/eurostat/statistics-explained/index.php/Glossary:General_government_sector. Retrieved on 25 Jan 2021
EECSP (2017) Cyber security in the energy sector: Recommendations for the European commission on a European strategic framework and potential future legislative acts for the energy sector. EECSP Report, Energy Expert Cyber Security Platform
ENISA (2015) Cyber security and resilience of intelligent public transport: good practices and recommendations. European union agency for network and information security (ENISA)
EU (2008) On the identification and designation of European critical infrastructures and the assessment of the need to improve their protection, Council Directive 2008/114/EC. Official J Euro Union L 345:75–82
Falliere N, Murchu LO, Chien E (2011) W32.Stuxnet dossier, version 1.4. Wired. https://www.wired.com/images_blogs/threatlevel/2011/02/Symantec-Stuxnet-Update-Feb-2011.pdf
FCC (2014) Cyber security planning guide. Federal Communications Commission (FCC)
Finkle J (2011) Government facilities targets of cyber attacks. Reuters. https://www.reuters.com/article/us-usa-hackers-idUSTRE7656M020110706
FireEye (2016) Cyber threats to the high tech and IT industry. FireEye, Milpitas, CA. https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/ib-high-tech.pdf
Fruhlinger J (2020) Equifax data breach FAQ: what happened, who was affected, what was the impact? CSO. https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html
F-Secure (2019). Cyber threat landscape for the finance sector. F-Secure.
Fuchs J (2020) Why the biggest threat to financial firms is cyber attacks. Avanan. https://www.avanan.com/blog/biggest-threat-financial-firms-cyber-attacks
Gallagher S (2016) German nuclear plant’s fuel rod system swarming with old malware. Ars Technica. https://arstechnica.com/information-technology/2016/04/german-nuclear-plants-fuel-rod-system-swarming-with-old-malware/
Geller E (2020) ‘Massively disruptive’ cyber crisis engulfs multiple agencies. Politico. https://www.politico.com/news/2020/12/14/massively-disruptive-cyber-crisis-engulfs-multiple-agencies-445376
Germano JH (2019) Cybersecurity risk & responsibility in the water sector. American Water Works Association
Gonzales D, Harting S, Adgie MK, Brackup J, Polley L, Stanley KD (2020) Unclassified and secure: a defense industrial base cyber protection program for unclassified defense networks. RAND Corporation, Santa Monica, CA
Goodin D (2018) Hackers infect 500,000 consumer routers all over the world with malware. Ars Technica. https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/
GOV.UK (2017) Public summary of sector security and resilience plans. Cabinet Office, London
GOV.UK (2019) Common cyber attacks: reducing the impact. National Cyber Security Centre
Gronholt-Pedersen J (2017) Maersk says global IT breakdown caused by cyber attack. Reuters. https://www.reuters.com/article/us-cyber-attack-maersk-idUSKBN19I1NO
GSMA (2019) Mobile telecommunications security threat landscape. GSM Association, London
Hackett R (2020) Ransomware attack on a hospital may be first ever to cause a death. Fortune. https://fortune.com/2020/09/18/ransomware-police-investigating-hospital-cyber-attack-death/
Hassanzadeh A, Rasekh A, Galelli S, Aghashahi M, Taormina R, Ostfeld A, Banks MK (2020) A review of cybersecurity incidents in the water sector. J Environ Eng 146(5):03120003
Hess E (2019) People, process, and technology: the trifecta of cybersecurity programs. Helical. https://helical-inc.com/blog/people-process-and-technology-the-trifecta-of-cybersecurity-program/
HHS (2020) Breach portal: notice to the secretary of HHS breach of unsecured protected health information. U.S. Department of Health & Human Services, Washington, DC. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf. Retrieved on 13 Jan 2021
Hollis D (2011) Cyberwar case study: Georgia 2008. Small wars journal. https://smallwarsjournal.com/jrnl/art/cyberwar-case-study-georgia-2008
HVK (2020). Kriittinen infrastruktuuri. Huoltovarmuuskeskus, https://www.huoltovarmuuskeskus.fi/sanasto#k
INL (2016) Cyber threat and vulnerability analysis of the U.S. electric sector. Mission Support Center Analysis Report, Idaho National Laboratory
ISA (2020) Cybersecurity in the food and agriculture sector. Internet security alliance, Arlington, VA. https://isalliance.org/sectors/agriculture/
Jones SR (2017) The impact that a cyber-attack would cause within the emergency services sector. Master’s thesis, Utica College, ProQuest LLC, Ann Arbor, MI
Kaspersky (2016) Threat intelligence report for the telecommunications industry. Kaspersky Lab
Kennedy C (2019) Government networks are under cyber attack: here’s how cities, agencies can fight back. Homeland security today. https://www.hstoday.us/subject-matter-areas/infrastructure-security/government-networks-are-under-cyber-attack-heres-how-cities-agencies-can-fight-back/
Knott F (2020) The threat of cybercrime for state and local transportation systems. Attila security. https://www.attilasec.com/blog/transportation-systems-cybercrime. Retrieved on 13 Jan 2021
Kovacs E (2020) Telecom sector increasingly targeted by Chinese hackers: CrowdStrike. Security week. https://www.securityweek.com/telecom-sector-increasingly-targeted-chinese-hackers-crowdstrike
Kovanen T, Nuojua V, Lehto M (2018) Cyber threat landscape in energy sector. In ICCWS 2018: Proceedings of the 13th international conference on cyber warfare and security. Academic Conferences International, pp 353–361
Kumar V (2020) Cybersecurity challenges and solutions in the telecom industry. Industry wired. https://industrywired.com/cybersecurity-challenges-and-solutions-in-the-telecom-industry/
Kuokkanen N (2020). Kriittisen infrastruktuurin suojaaminen Suomessa. Kandidaatin tutkielma, Jyväskylän yliopisto
Laiho M (2020) Toimenpidealoite yhteiskunnan toiminnan kannalta kriittisten alojen työntekijöiden tai sen määrittelyjen perusteiden säätämiseksi. Toimenpidealoite TPA 27/2020 vp, Suomen eduskunta
Lehto M (2013) The cyberspace threats and cyber security objectives in the cyber security strategies. Int J Cyber Warfare Terrorism 3(3):1–18
Lehto M (2015) Phenomena in the cyber world. In: Lehto M, Neittaanmäki P, (eds) Cyber security: analytics, technology and automation. Springer, Cham, pp 3–29. https://doi.org/10.1007/978-3-319-18302-2_1
Lehto M (2020) Cyber security in aviation, maritime and automotive. In: Diez P, Neittaanmäki P, Periaux J, Tuovinen T, Pons-Prats J (eds) Computation and big data for transport. Springer, Cham, pp 19–32. https://doi.org/10.1007/978-3-030-37752-6_2
Liaropoulos A (2010) War and ethics in cyberspace: cyber-conflict and just war theory. In: Proceedings of the 9th European conference on information warfare and security (Thessaloniki, 2010), pp 177–182
Lobel M (2014) Security risks and responses in an evolving telecommunications industry. PwC (network of member firms of PricewaterhouseCoopers International Limited)
Loukas G, Gan D, Vuong T (2013) A review of cyber threats and defence approaches in emergency management. Future Internet 5(2):205–236. https://doi.org/10.3390/fi5020205
Macola IG (2020) The five worst cyberattacks against the power industry since 2014. Power technology. https://www.power-technology.com/features/the-five-worst-cyberattacks-against-the-power-industry-since2014/
Mallon S (2020) Ransomware and the defense industrial base. SmartData collective. https://www.smartdatacollective.com/ransomware-and-defense-industrial-base/
NCC (2019) Cyber security in UK agriculture. NCC group, https://research.nccgroup.com/wp-content/uploads/2020/07/agriculture-whitepaper-final-online.pdf
NIAC (2017) Securing cyber assets: addressing urgent cyber threats to critical infrastructure. The President’s National Infrastructure Advisory Council (NIAC)
Nikander J, Manninen O, Laajalahti M (2020) Requirements for cybersecurity in agricultural communication networks. Comput Electron Agric 179:105776
OAGOV (2020) Cyber security threats against global governments increase exponentially. Open access government. https://www.openaccessgovernment.org/cyber-security-threats-global-governments-increasing/96789/
Okupa H (2020) Cybersecurity and the future of agri-food industries. Master’s thesis, Kansas State University
Orr K (2020) Cyber attacks against state and local governments surge. CyberArk Software Ltd. https://www.cyberark.com/resources/blog/cyber-attacks-against-state-and-local-governments-surge
Pagliery J (2015) The inside story of the biggest hack in history. CNN business. https://money.cnn.com/2015/08/05/technology/aramco-hack/
Pagliery J (2016) Hackers destroy computers at Saudi aviation agency. Cable news network (CNN). https://money.cnn.com/2016/12/01/technology/saudi-arabia-hack-shamoon/
Papesh J (2019) When tech is the target: cyber risks for tech companies. AXA XL. https://axaxl.com/fast-fast-forward/articles/when-tech-is-the-target_cyber-risks-for-tech-companies
Police1 (2017) 9 cyberattacks that threatened officer safety and obstructed justice. Police1, Lexipol, Frisco, TX. https://www.police1.com/cyber-attack/articles/9-cyberattacks-that-threatened-officer-safety-and-obstructed-justice-dCWXReoa54CkcH3y/
Polityuk P, Vukmanovic O, Jewkes S (2017) Ukraine's power outage was a cyber attack: Ukrenergo. Reuters. https://www.reuters.com/article/us-ukraine-cyber-attack-energy-idUSKBN1521BA
Pye G, Warren M (2011) Analysis and modelling of critical infrastructure systems. In:10th European conference on information warfare and security (ECIW 2011). Academic Conferences, Reading, pp 194–201
Quinn C (2018) The emerging cyberthreat: cybersecurity for law enforcement. Police Chief Magazine. https://www.policechiefmagazine.org/the-emerging-cyberthreat-cybersecurity/
Safety4Sea (2018) 2018 highlights: Major cyber attacks reported in maritime industry. Safety4Sea. https://safety4sea.com/cm-2018-highlights-major-cyber-attacks-reported-in-maritime-industry/
SCF (2020) All you need to know about cyber security threats in energy sector. Swiss cyber forum. https://www.swisscyberforum.com/all-you-need-to-know-about-cyber-security-threats-in-energy-sector/
Scheuermann JE (2017) Cyber-physical attacks on critical infrastructure: What’s keeping your insurer awake at night? K&L Gates. https://www.klgates.com/Cyber-physical-Attacks-on-Critical-Infrastructure--Whats-Keeping-Your-Insurer-Awake-at-Night-01-24-2017
Securicon (2019) What’s the difference between OT, ICS, SCADA and DCS? Securicon, Alexandria, VA. https://www.securicon.com/whats-the-difference-between-ot-ics-scada-and-dcs/
Spiegel (2014). Hacker legten deutschen Hochofen lahm. Spiegel, https://www.spiegel.de/netzwelt/web/bsi-bericht-hacker-legten-deutschen-hochofen-lahm-a-1009191.html
Stoye E (2019) Hexion, Momentive and Norsk Hydro all hit by ransomware cyber attacks. Chemistry world. https://www.chemistryworld.com/news/hexion-momentive-and-norsk-hydro-all-hit-by-ransomware-cyber-attacks/3010328.article
Swivel (2020) 9 reasons why healthcare is the biggest target for cyberattacks. Swivel secure. https://swivelsecure.com/solutions/healthcare/healthcare-is-the-biggest-target-for-cyberattacks/
Synack (2020) The 2020 trust report: measuring the value of security amidst uncertainty. Synack
Thompson M (2016). Iranian cyber attack on New York dam shows future of war. Time. https://time.com/4270728/iran-cyber-attack-dam-fbi/
Tunggal AT (2020) What is an attack vector? Common attack vectors. UpGuard. https://www.upguard.com/blog/attack-vector
UN (2018) The protection of critical infrastructures against terrorist attacks: compendium of good practices. United Nations
US-Army (1995) Joint doctrine for military operations other than war. Joint Pub 3-07, US Army
US-GOV (2001) Uniting and strengthening America by providing appropriate tools required to intercept and obstruct terrorism (USA Patriot Act) act of 2001. Public Law 107–56, U.S. Congress
US-GOV (2019) Foreign cyber threats to the United States: hearing before the committee on armed services, United States Senate, one hundred fifteenth congress, first session, Jan 5, 2017. U.S. Government Publishing Office, Washington, DC
van Niekerk B (2018) Analysis of cyber-attacks against the transportation sector. In: Cyber security and threats: concepts, methodologies, tools, and applications. IGI Global, pp. 1384–1402
Wandera (2020) Cybersecurity in the healthcare industry. Wandera. https://www.wandera.com/cybersecurity-healthcare/. Retrieved on 25 Jan 2021
Warren M, Pye G, Hutchinson W (2010) Australian critical infrastructure protection: a case of two tales. In: SECAU 2010: proceedings of the 11th australian information warfare and security conference. SECAU Security Research Centre, pp 30–36
WaterPower (2019) Hydropower facilities: vulnerability to cyber attacks. Water Power Magazine
WEC (2016) The road to resilience: managing cyber risks. World Energy Council
Weed AS (2017) US policy response to cyber attack on SCADA systems supporting critical national infrastructure. Air University Press
Williams S (2020) Tech industry most attacked sector. IT Brief Australia. https://itbrief.com.au/story/report-tech-industry-most-attacked-sector
Yle (2016) Russian group behind 2013 Foreign Ministry hack. Yle. https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548
Yle (2020) Emails compromised in cyber-attack on Finland’s Parliament. Yle. https://yle.fi/uutiset/osasto/news/emails_compromised_in_cyber_attack_on_finlands_parliament/11716393
Zetter K (2015) Countdown to zero day: Stuxnet and the launch of the world’s first digital weapon. Broadway Books, New York
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Lehto, M. (2022). Cyber-Attacks Against Critical Infrastructure. In: Lehto, M., Neittaanmäki, P. (eds) Cyber Security. Computational Methods in Applied Sciences, vol 56. Springer, Cham. https://doi.org/10.1007/978-3-030-91293-2_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-91293-2_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91292-5
Online ISBN: 978-3-030-91293-2
eBook Packages: Computer ScienceComputer Science (R0)